Malware Filled USB Devices

Malware Filled USB Devices

by Fox Van Allen for Techlicious

A few months ago, white hat security expert Karsten Nohl of SR Labs revealed that computer USB devices are wide open to malware attack through a hole named “BadUSB.” Nohl held off on releasing the code behind the vulnerability at the time. But now, at the DerbyCon hacking conference in Louisville, Kentucky, computer security researchers Adam Caudill and Brandon Wilson have made the decision to release full details about BadUSB to the public.

“The belief we have is that all of this should be public. It shouldn’t be held back. So we’re releasing everything we’ve got,” Caudill told the DerbyCon audience. “This was largely inspired by the fact that [SR Labs] didn’t release their material. If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

According to Caudill and Wilson’s research, a hacker could use a readily available USB microcontroller to impersonate a keyboard and run any number of dangerous, data-stealing commands on any computer it’s plugged in to. Because of the nature of BadUSB, the attack would not be caught by a computer’s anti-virus program nor would traces of it be left behind after. In short, BadUSB can turn any USB storage stick into a weapon.